IET Information Security最新文献

Information security in institutions of higher learning is a persistent challenge that requires immediate attention. The plethora of reported information security breaches in higher education institutions (HEIs) corroborates this. This study reviews 358 articles from reputable journals and databases, synthesized following the preferred reporting items for systematic reviews and meta-analyses framework, to examine the information security practices of HEIs in the last 5 years. This study reveals that information security in HEIs is best advanced through a holistic strategy that integrates adaptive policy frameworks, continuous and context-specific training, resilient organizational culture, and judicious deployment of technological innovations. While existing approaches have improved compliance and risk mitigation, persistent gaps in implementation, resource allocation, and cultural alignment limit their overall impact. By synthesizing insights from policy, training, cultural, and technological perspectives, this research underscores the need for socio-technical approaches that recognize human behavior as a pivotal determinant of institutional resilience. Furthermore, the analysis highlights how emerging technologies, such as AI-driven threat detection and blockchain, can only achieve their transformative potential when embedded within inclusive governance structures and culturally supportive environments. The contribution of this study lies in demonstrating that sustainable cybersecurity in higher education requires a shift from fragmented interventions toward integrated, system-wide frameworks that harmonize people, processes, and technology. Such an approach not only strengthens protection of academic and research assets but also provides a foundation for long-term adaptability in the face of evolving cyber threats. The study advances an information security conceptual model and identifies gaps for areas of further research.

Electronic health records (EHRs) have become a crucial application in cloud computing environments, necessitating advanced privacy-preserving access control mechanisms. Ciphertext policy attribute-based encryption (CP-ABE) is a widely recognized solution for secure access control in outsourced data environments. However, existing CP-ABE models face challenges related to revocation efficiency, access policy exposure, and computational burden on data owners (DOs). Even though several research works have extensively tackled this issue, most rely on re-encryption or ciphertext updates and outsourcing strategies to proxies. However, optimization for querying all affected ciphertexts to reduce re-encryption/ciphertext update costs is often overlooked, and the cost associated with frequent blockchain transactions for ciphertext updates and revocation records has not been addressed. Furthermore, most works do not support both attribute and user revocation efficiently. To address these issues, we propose an enhanced revocable CP-ABE-based access control scheme with optimized revocation performance (R-CP-ABE-ORP). This scheme integrates ciphertext aggregation, lazy re-encryption with revocation tokens, proxy-assisted lightweight re-encryption (PRE-LR), blockchain, and bloom filters for fast queries to significantly improve revocation efficiency. The proposed scheme ensures forward and backward security while maintaining efficient ciphertext update and policy enforcement mechanisms. Experimental evaluations confirm that the proposed scheme outperforms related works in revocation efficiency, computational cost, and query performance.

The guess-and-determine technique find wide applications in the recovery of unknown variables within given system of relations. The fundamental concept behind this technique involves guessing certain unknown variables and deducing the remaining ones based on the relational system. In the context of symmetric cryptography analysis, the guess-and-determine technique is employed to deduce partial subkey information to recover the master key. The set of variables that need to be guessed is called the guess basis.The crux of the guess-and-determine technique lies in identifying the minimal guess basis. By introducing new equal relations and initial constraints, this paper enhances the minimal guess basis mixed integer linear programming (MILP) model. The new model offers a more comprehensive depiction of key schedule, thereby enabling a more accurate and efficient derivation of the minimal guess basis.The novel model is applied to the eight-sided fortress (ESF) block cipher algorithm. By extending forward by three rounds and backward by three rounds based on a nine-round impossible differential distinguisher, a 15-round impossible differential attack is conducted. Utilizing the new model, the minimal guess basis required for key recovery is determined to be 54 bits. This represents a significant improvement compared to the existing result of 58 bits.The results indicate that for a 15-round impossible differential attack on the ESF algorithm, the data complexity is 2^31.18 CP, the time complexity involves 2^61.67 iterations of 15-round encryption, and the memory complexity is 2^66.18 bytes. Furthermore, this paper introduces, for the first time, a principle for designing key scheduling algorithms based on the guessing basis. This principle is applied to the ESF algorithm, where the minimal guess basis is employed to determine the positions of S-boxes and the parameters for cyclic shifts within the key scheduling algorithm. Without altering the consumption of software or hardware resources, a global optimal search is conducted among various key scheduling candidate approaches. By employing an equivalence class partitioning approach derived from 2108 instances of nine-round impossible differential distinguishers, the search space is reduced. Eventually, a selection process identifies a set of eight novel key schedule algorithms that achieve the maximum value of 77 bits for the minimal guess basis. These new key scheduling algorithms exhibit enhanced resistance against impossible differential attacks.

The fact that designing secure and efficient identity or attribute-based encryption (ABE) schemes requires the use of specific algebraic tools like bilinear pairings or lattices is well known in the cryptographic community. However, some journals whose main topics are not cryptographic still publish papers proposing, for instance, ABE schemes in settings like the (pairing-free) discrete logarithm one. The goal of this submission is to emphasize, once again, the statements in the two previous paragraphs. As an illustration, we describe attacks on five insecure schemes that have recently been published in (prestigious) journals.

Draco is a lightweight small-state stream cipher proposed in 2022. It is designed to provide a 128-bit security level and be provably secure against time-memory-data trade-off (TMDTO) attacks. In this paper, we revisit the security of Draco against TMDTO attacks. Based on a new observation that for certain chosen initialization vectors (IVs) the state update function of Draco depends on only a small fraction of the nonvolatile internal state, a new TMDTO attack on Draco with a time complexity of 2^109.2 Draco iterations, a memory complexity of 2^109.6 bits and a data complexity of 2⁶⁴ bits is proposed. The attack is 2⁵ times better in the time/memory complexity with the same data complexity compared with the existing TMDTO attack. Furthermore, the security level that Draco can theoretically provide against TMDTO attacks is analyzed. As result, another TMDTO attack on Draco with complexities all below 2⁸⁷ is proposed. The cryptanalytic result shows that the Draco stream cipher can only offer an 87-bit security level against TMDTO attacks if the limitation on keystream length is not considered. Our results indicate that how to design a secure small-state stream cipher still needs further exploration.

The inefficiency of bootstrapping is the primary bottleneck preventing fully homomorphic encryption (FHE) from practical applications. One of the main obstacles to improving the bootstrapping performance using hardware acceleration is the large storage overhead of the bootstrapping keys. To the best of our knowledge, a recent TFHE-like FHE scheme proposed by Xiang and colleagues in 2023 has the smallest bootstrapping key size, which is about 70 MB for 128-bit security parameter (including 60 MB for the key-switching keys and about 10 MB for the blind rotation keys). In this paper, we further improved the bootstrapping algorithm of Xiang et al. with a 30x reduction in key size and a 1.2x speedup. In particular, our new algorithm only requires less than 3 MB bootstrapping keys and can be completed in merely 3 ms at 128-bit security. Technically, we rearranged the main process of the TFHE-like bootstrapping algorithm which allows us to greatly reduce the size of the key-switching keys from previous $$ to $$ bits, where n is the dimension of the lattice. We also improved the computation of the automorphisms by using a single generator, which allows us to reduce the blind rotation key size from previous $$ to $$ bits, where q is the modulus of the ciphertext. Finally, we apply our new FHE scheme to discretized neural networks (DiNNs). Experimental results show that compared to a previous FHE-friendly DiNN approach by Bourse and colleagues in 2018 at the same security and accuracy, our approach achieves a 36x reduction in memory and a 8x speedup in time.

The rapid growth of Internet of Things (IoT) devices has posed significant security challenges, particularly in detecting anomalies and malicious behaviors in network traffic. This study presents an innovative intrusion detection system (IDS) framework that combines Gaussian noise injection and Hurst parameter calculation with a hybrid convolutional neural network-long short-term memory (CNN-LSTM) model for anomaly detection in IoT traffic. The proposed approach is evaluated using the CIC-IDS2017 dataset, a comprehensive source representing network attacks. During the preprocessing stage, noise is added to simulate real-world network fluctuations, and Hurst parameter values are calculated to measure the long-term memory of traffic patterns. Principal component analysis (PCA) is also employed to reduce data dimensionality while preserving critical features, including the Hurst parameter. The CNN-LSTM model, optimized with the Adam optimizer, effectively learns the spatiotemporal features of network traffic and demonstrates high accuracy in classifying benign and attack samples. Experimental results reveal that the model achieves an accuracy and detection rate of 99.69%, even in the presence of noise. Incorporating the Hurst parameter as a distinguishing feature enhances the detection of subtle anomalies that traditional IDS methods may overlook. The anomaly detection mechanism analyzes traffic patterns using an error threshold and flags deviations as potential security threats. The proposed IDS framework effectively distinguishes between normal and malicious traffic, balancing the detection of both rare and common attacks. The findings underscore the importance of integrating statistical metrics, such as the Hurst parameter, with deep learning models to enhance the robustness and reliability of IoT security systems. This hybrid approach addresses the dynamic and evolving nature of IoT networks, offering a scalable and efficient solution for real-time anomaly detection. The proposed method marks a promising advancement in securing IoT ecosystems against evolving cyberthreats.

Ensuring the information security and privacy of users in the Internet of Vehicles (IoV) is crucial for gaining user trust and promoting the application of vehicular networks. This article designs an efficient linkable ring signature (LRS) scheme on the basis of the middle-product learning with errors (MP-LWE) problem and applies it to vehicular networks to resist quantum computer attacks. First, a new authentication scheme based on the MP-LWE problem is proposed. In addition, it is demonstrated to be compatible with the DualRing framework. Then, according to the transformation of DualRing, a new efficient ring signature scheme based on the MP-LWE problem is obtained. With anti-collision hash functions to assign a specific tag to each user, this ring signature scheme is converted into a secure LRS scheme. Subsequently, under the random oracle model, the unforgeability, anonymity, and linkability of the LRS scheme are shown. Furthermore, by integrating the scheme constructed in this article with blockchain technology and applying it to IoV scenarios, it effectively ensures the privacy of vehicle identities during communication and the reliability of messages and significantly improves communication efficiency. The signature length of the LRS scheme designed in the present study is 4–20 times shorter than that of similar schemes. Regarding time overhead, the total time overhead of our scheme can be reduced by 14.72%–40.38%.

Intent vulnerabilities pose a significant threat as they allow attackers to exploit unverified intent messages, leading to sensitive data leaks, privilege escalations, or unauthorized actions that compromise user privacy and system security. Fuzzing methods, as traditional Intent vulnerability detection methods, are guided by the edge coverage of the program-directed graph and do not focus on sensitive information, resulting in a lack of ability to discover vulnerabilities related to sensitive information, especially long-path vulnerabilities. This article proposes PathFuzzer, which is an intent-sensitive information flow path-guided fuzzing method designed to efficiently detect intent vulnerabilities in Android applications. It leverages intent-sensitive information flow paths to guide fuzzing by sending test cases along these paths and mutating test cases based on the parameter within the paths. Additionally, PathFuzzer utilizes unique long path encoding and key node identification technology to enable test cases to efficiently test along sensitive information flow paths, while monitoring the test status to form a feedback mechanism for long paths. The evaluation results show that PathFuzzer successfully detected 131 intent vulnerabilities across 500 popular applications from Google Play. Compared to traditional methods, PathFuzzer achieved a 92% average path coverage rate on sensitive paths while improving detection efficiency by an average of up to 64%. In summary, PathFuzzer provides an efficient, accurate, and comprehensive method for detecting Intent vulnerabilities.

Digital advancements have made cloud computing and IoT essential for innovative environments such as healthcare and industry. Cloud platforms offer scalable compute and storage capabilities, whereas IoT devices generate real-time data. However, there are significant challenges faced while integrating the IoT with cloud to achieve robust, scalable, and secure access control. Traditional centralized models, such as static rule-based mechanisms and public key infrastructure (PKI), are prone to single points of failure and suffer from limited scalability and poor adaptability. To address these issues, this paper proposes a decentralized access control architecture that combines blockchain with a hybrid bidirectional graph convolutional network (Bi-GCN). The framework integrates ciphertext policy-attribute based encryption (CP-ABE) with trusted platform module (TPM)–based pseudonymous identities and the blockchain smart contracts for fine- and hardware-assisted access control. A generative adversarial network (GAN)-assisted prevalidation layer filters sybil, tampering, and spoofing attempts before block inclusion, enhancing integrity and reducing overhead. Bi-GCN supports real-time anomaly detection, trust adaptation, and behavior profiling, while smart contracts enforce adaptive role-attribute policies. Experimental results show that the proposed model outperforms existing methods across key metrics, including 0.97 accuracy, 0.98 F-measure, and minimal security overhead of 0.7%. Although it introduces slight latency due to advanced processing, the benefits of secure and intelligent access management outweigh the trade-off. The integration of blockchain ensures decentralized and immutable policy enforcement, while Bi-GCN facilitates self-adaptive security, making the architecture suitable for dynamic IoT–cloud ecosystems.